memory leak in ReadMPCImage coders/mpc.c:228 #739

Closed
jerryl3e opened this issue Sep 8, 2017 · 2 comments

jerryl3e commented Sep 8, 2017

version:
ImageMagick 7.0.7-1 Q16 x86_64
gcc 7.1

crash link:
https://raw.githubusercontent.com/jerryl3e/poc/master/im_poc_1504839414

trigger command:
./magick convert im_poc_1504839414 /dev/null

detail:

root@work:/home/work/fuzzing/ImageMagick-7.0.7-1/utilities# ./magick convert im_poc_1504839414 /dev/null
convert: improper image header `im_poc_1504839414' @ error/mpc.c/ReadMPCImage/573.
convert: no images defined `/dev/null' @ error/convert.c/ConvertImageCommand/3275.

=================================================================
==128575==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x7effb74b9920 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde920)
    #1 0x7effb6b3b336 in AcquireMagickMemory MagickCore/memory.c:464
    #2 0x7effb6b3b38a in AcquireQuantumMemory MagickCore/memory.c:537
    #3 0x7effb6c6d0ce in AcquireString MagickCore/string.c:136
    #4 0x7effb6d97218 in ReadMPCImage coders/mpc.c:228
    #5 0x7effb69ce6b0 in ReadImage MagickCore/constitute.c:497
    #6 0x7effb69d1597 in ReadImages MagickCore/constitute.c:866
    #7 0x7effb62a4242 in ConvertImageCommand MagickWand/convert.c:641
    #8 0x7effb639dacd in MagickCommandGenesis MagickWand/mogrify.c:183
    #9 0x401a25 in MagickMain utilities/magick.c:149
    #10 0x401c9e in main utilities/magick.c:180
    #11 0x7effb59c982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s).

Credit: Baidu Security Lab
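What the sanitizer trace above records is a buffer obtained through AcquireString at mpc.c:228 that is still live when the reader bails out with "improper image header" at mpc.c:573: the allocation happens before the header is validated, and the error path returns without releasing it. The toy MPC-style header reader below is an added example, not code from the report or from ImageMagick; the function names (mpc_read_header_leaky, mpc_read_header_fixed), the allocation ledger that stands in for LeakSanitizer, the buffer name keyword, and both sample headers are constructed for illustration. It shows the leaking early return beside the corrected one.

```c
/* Added example (not ImageMagick code): reproduces the shape of the leak
 * reported in ReadMPCImage with a toy "key=value ..." header reader.
 * All names and sample inputs below are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEYWORD_MAX 4096   /* same size as the leaked block in the report */

/* Tiny allocation ledger so a test can observe a leak without LeakSanitizer. */
static int live_allocs = 0;

static char *acquire_string(size_t n) {
    char *p = malloc(n);
    if (p != NULL) live_allocs++;
    return p;
}

static void destroy_string(char *p) {
    if (p != NULL) { free(p); live_allocs--; }
}

int live_allocations(void) { return live_allocs; }
void reset_ledger(void)    { live_allocs = 0; }

/* Constructed sample headers: one well-formed, one that is not an MPC file. */
const char GOOD_HEADER[] =
    "id=MagickCache magick-signature=abc class=DirectClass columns=1 rows=1";
const char BAD_HEADER[] = "GIF89a not an mpc file";

/* Parses whitespace-separated key=value pairs, copying each key into keyword.
 * Returns the number of pairs, or -1 for an improper header (no pairs, a key
 * without '=', or a first pair other than id=MagickCache). */
static int parse_pairs(const char *data, char *keyword) {
    int count = 0;
    const char *p = data;
    while (*p != '\0') {
        while (*p == ' ' || *p == '\n') p++;
        if (*p == '\0') break;
        size_t i = 0;
        while (*p != '=' && *p != ' ' && *p != '\n' && *p != '\0' &&
               i < KEYWORD_MAX - 1)
            keyword[i++] = *p++;
        keyword[i] = '\0';
        if (*p != '=') return -1;                 /* key without a value */
        p++;
        const char *value = p;
        while (*p != ' ' && *p != '\n' && *p != '\0') p++;
        if (count == 0 &&
            (strcmp(keyword, "id") != 0 || p - value != 11 ||
             strncmp(value, "MagickCache", 11) != 0))
            return -1;                            /* improper image header */
        count++;
    }
    return count == 0 ? -1 : count;
}

/* The reported pattern: the keyword buffer is acquired before validation and
 * the error path returns without releasing it. */
int mpc_read_header_leaky(const char *data) {
    char *keyword = acquire_string(KEYWORD_MAX);
    if (keyword == NULL) return -1;
    int n = parse_pairs(data, keyword);
    if (n < 0)
        return -1;                 /* BUG: keyword is never released */
    destroy_string(keyword);
    return n;
}

/* Corrected form: every exit after the allocation releases the buffer. */
int mpc_read_header_fixed(const char *data) {
    char *keyword = acquire_string(KEYWORD_MAX);
    if (keyword == NULL) return -1;
    int n = parse_pairs(data, keyword);
    if (n < 0) {
        destroy_string(keyword);   /* release before reporting the error */
        return -1;
    }
    destroy_string(keyword);
    return n;
}

int main(void) {
    reset_ledger();
    mpc_read_header_leaky(BAD_HEADER);
    printf("leaky reader: %d live allocation(s) after a bad header\n",
           live_allocations());
    reset_ledger();
    mpc_read_header_fixed(BAD_HEADER);
    printf("fixed reader: %d live allocation(s) after a bad header\n",
           live_allocations());
    return 0;
}
```

Built with `-fsanitize=address`, the leaky call in main leaves a 4096-byte block unreleased at exit and LeakSanitizer reports it in the same shape as the trace in the report; the fixed reader produces no report. The general rule the fix follows: once a reader has acquired any resource, every error exit after that point (including each ThrowReaderException-style early return) must release it.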

@mikayla-grace

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ http://www.imagemagick.org/download/beta/ by sometime tomorrow.

fgeek commented Sep 12, 2017

Please use CVE-2017-14324 for this issue.

dlemstra added the bug label Sep 12, 2017